UnixTime

Research Note

A.5.22 Audit Checklist

Use this during internal audits to verify that supplier services and security practices are monitored, reviewed, evaluated, and changed through a controlled process.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this during internal audits to verify that supplier services and security practices are monitored, reviewed, evaluated, and changed through a controlled process.

Checklist

  • Supplier monitoring procedure exists.
  • Supplier owners are assigned.
  • Review frequency is defined based on supplier risk.
  • Supplier service reports are received.
  • Supplier security reports are reviewed.
  • Review results and actions are recorded.
  • Supplier nonconformities are escalated and tracked.
  • Supplier incidents trigger internal review where relevant.
  • Supplier changes are assessed before approval where possible.
  • Material changes trigger risk reassessment.
  • Contract changes involve relevant stakeholders.
  • Supplier audit rights are used where risk justifies them.
  • Supplier audit findings are communicated, tracked, and resolved.
  • Iso27001
  • ISO27002
  • Template
  • Audit
  • A5 22

Note Metadata

Aliases: A.5.22 Checklist

Source: 90 Templates/A.5.22 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.